PT-2026-38383 · Gotenberg · Gotenberg
Adrgs · Published 2026-05-07 · Updated 2026-05-20
CVE-2026-42592
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gotenberg versions prior to 8.32.0
Description
A DNS rebinding issue exists in the FilterOutboundURL function. The software resolves a hostname to check it against a private-address deny-list but discards the resolved addresses. Because Chromium performs its own independent DNS resolution when navigating to a URL, an attacker controlling a hostname with a short Time to Live (TTL) can return a public IP during the initial check and a private IP during the actual connection. This creates a timing window between the check performed by the Fetch.requestPaused handler and the TCP connection. Consequently, an unauthenticated attacker can bypass the deny-list to access internal HTTP services on the loopback interface, cloud metadata endpoints, or other private-network addresses, receiving the rendered internal response as a PDF.
Recommendations
Update to version 8.32.0.
As a temporary workaround, restrict access to the network or use the --chromium-host-resolver-rules flag to manually map hostnames to specific IPs.
Exploit
Fix
Time Of Check To Time Of Use
SSRF
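The check-then-resolve-again pattern from the description, next to a pinned variant, as an added Go example (not Gotenberg's code). The names `Resolver`, `resolve`, `flipping` and `connectTarget` and the hostname are hypothetical, and the resolver is a constructed in-memory stand-in for a short-TTL DNS name.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Resolver is a hypothetical lookup hook; real code would wrap net.Resolver.
type Resolver func(host string) ([]netip.Addr, error)

// resolve returns host's first address; with check set, any internal answer is an error.
func resolve(host string, r Resolver, check bool) (netip.Addr, error) {
	addrs, err := r(host)
	if err != nil || len(addrs) == 0 {
		return netip.Addr{}, fmt.Errorf("lookup failed for %s", host)
	}
	for _, a := range addrs {
		a = a.Unmap() // treat ::ffff:127.0.0.1 like 127.0.0.1
		if check && (a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() || a.IsUnspecified()) {
			return netip.Addr{}, fmt.Errorf("deny-listed address %s", a)
		}
	}
	return addrs[0], nil
}

// flipping is a constructed resolver: public answer first, internal afterwards.
func flipping() Resolver {
	next := "203.0.113.10"
	return func(string) ([]netip.Addr, error) {
		cur := next
		next = "169.254.169.254"
		return []netip.Addr{netip.MustParseAddr(cur)}, nil
	}
}

// connectTarget returns the address a connection reaches, with or without pinning.
func connectTarget(host string, pin bool) (netip.Addr, error) {
	r := flipping()
	ip, err := resolve(host, r, true)
	if err != nil || pin {
		return ip, err // pinned: connect to the vetted address itself
	}
	return resolve(host, r, false) // flaw: vetted address discarded, host resolved again
}

func main() {
	fmt.Println(connectTarget("rebind.example.test", false))
	fmt.Println(connectTarget("rebind.example.test", true))
}
```

The unpinned call reaches the link-local address even though the check passed; the pinned call connects to the address that was actually vetted.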
Related Identifiers
Affected Products
Gotenberg